3 NETWORK WORKING GROUP N. Williams
5 Expires: December 30, 2004 July 2004
8 A PRF API extension for the GSS-API
9 draft-ietf-kitten-gssapi-prf-02.txt
13 By submitting this Internet-Draft, I certify that any applicable
14 patent or other IPR claims of which I am aware have been disclosed,
15 and any of which I become aware will be disclosed, in accordance with
18 Internet-Drafts are working documents of the Internet Engineering
19 Task Force (IETF), its areas, and its working groups. Note that
20 other groups may also distribute working documents as
23 Internet-Drafts are draft documents valid for a maximum of six months
24 and may be updated, replaced, or obsoleted by other documents at any
25 time. It is inappropriate to use Internet-Drafts as reference
26 material or to cite them other than as "work in progress."
28 The list of current Internet-Drafts can be accessed at
29 http://www.ietf.org/ietf/1id-abstracts.txt.
31 The list of Internet-Draft Shadow Directories can be accessed at
32 http://www.ietf.org/shadow.html.
34 This Internet-Draft will expire on December 30, 2004.
38 Copyright (C) The Internet Society (2004). All Rights Reserved.
42 This document defines a Pseudo-Random Function (PRF) extension to the
43 Generic Security Service Applicatoin Programming Interface (GSS-API)
44 for keying application protocols given an established GSS-API
45 security context. The primary intended use of this function is to
46 key secure session layers that don't or cannot use GSS-API
47 per-message MIC (message integrity check) and wrap tokens for session
55 Williams Expires December 30, 2004 [Page 1]
57 Internet-Draft A PRF Extension for the GSS-API July 2004
62 1. Conventions used in this document . . . . . . . . . . . . . . 3
63 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
64 3. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 5
65 3.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 6
66 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
67 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
68 5.1 Normative References . . . . . . . . . . . . . . . . . . . . . 8
69 5.2 Informative References . . . . . . . . . . . . . . . . . . . . 8
70 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
71 Intellectual Property and Copyright Statements . . . . . . . . 9
111 Williams Expires December 30, 2004 [Page 2]
113 Internet-Draft A PRF Extension for the GSS-API July 2004
116 1. Conventions used in this document
118 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
119 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
120 document are to be interpreted as described in [RFC2119].
167 Williams Expires December 30, 2004 [Page 3]
169 Internet-Draft A PRF Extension for the GSS-API July 2004
174 A need has arisen for users of the GSS-API to key applications'
175 cryptographic protocols using established GSS-API security contexts.
176 Such applications can use the GSS-API for authentication, but not for
177 transport security (for whatever reasons), and since the GSS-API does
178 not provide a method for obtaining keying material from established
179 security contexts such applications cannot make effective use of the
182 To address this need we define a pseudo-random function (PRF)
183 extension to the GSS-API.
223 Williams Expires December 30, 2004 [Page 4]
225 Internet-Draft A PRF Extension for the GSS-API July 2004
228 3. GSS_Pseudo_random()
232 o context CONTEXT handle,
233 o prf_in OCTET STRING,
234 o desired_output_len INTEGER
238 o major_status INTEGER,
239 o minor_status INTEGER,
240 o prf_out OCTET STRING
242 Return major_status codes:
243 o GSS_S_COMPLETE indicates no error.
244 o GSS_S_NO_CONTEXT indicates that a null context has been provided
246 o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been
248 o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for
249 this function or, if the security context is not fully
250 established, that the context is not ready to compute the PRF.
251 o GSS_S_FAILURE indicates failure or lack of support; the minor
252 status code may provide additional information.
254 This function applies the established context's mechanism's keyed PRF
255 function to the input data (prf_in), keyed with key material
256 associated with the given security context and outputs the resulting
257 octet string (prf_out) of desired_output_len length.
259 The output string of this function MUST be a pseudo-random function
260 [GGM1][GGM2] of the input keyed with key material from the
261 established security context -- the chances of getting the same
262 output given different input parameters should be exponentially
265 This function, applied to the same inputs by an initiator and
266 acceptor using the same established context, MUST produce the *same
267 results* for both, the initiator and acceptor, even if called
268 multiple times for the same context.
270 Mechanisms MAY limit the output of the PRF according, possibly in
271 ways related to the types of cryptographic keys available for the PRF
272 function, thus the prf_out output of GSS_Pseudo_random() MAY be
273 smaller than requested.
275 Mechanisms may be able to compute PRFs with security contexts that
279 Williams Expires December 30, 2004 [Page 5]
281 Internet-Draft A PRF Extension for the GSS-API July 2004
284 are not fully established, therefore applications MAY call
285 GSS_Pseudo_random() with such security contexts. Such mechanisms
286 MUST return GSS_S_UNAVAILABLE when called on to compute a PRF given a
287 security context that is not fully established and also not ready for
288 PRF computation. Mechanisms that allow for PRF computation prior to
289 full security context establishment MUST use the same PRF and key
290 material, for any given security context, both, before and after full
291 context establishment, and the PRF and key material negotiation MUT
292 be authenticated when the security context is fully established.
296 OM_uint32 gss_pseudo_random(
297 OM_uint32 *minor_status,
298 gss_ctx_id_t context,
299 const gss_buffer_t prf_in,
300 ssize_t desired_output_len,
335 Williams Expires December 30, 2004 [Page 6]
337 Internet-Draft A PRF Extension for the GSS-API July 2004
340 4. Security Considerations
342 Care should be taken in properly designing a mechanism's PRF
345 GSS mechanisms' PRF functions should use a key derived from contexts'
346 session keys and should preserve the forward security properties of
347 the mechanisms' key exchanges.
349 Some mechanisms may support the GSS PRF function with security
350 contexts that are not fully established, but applications MUST assume
351 that authentication, mutual or otherwise, has not completed until the
352 security context is fully established
391 Williams Expires December 30, 2004 [Page 7]
393 Internet-Draft A PRF Extension for the GSS-API July 2004
398 5.1 Normative References
400 [GGM1] Goldreich, O., Goldwasser, S. and S. Micali, "How to
401 Construct Random Functions", October 1986.
403 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
404 Requirement Levels", BCP 14, RFC 2119, March 1997.
406 [RFC2743] Linn, J., "Generic Security Service Application Program
407 Interface Version 2, Update 1", RFC 2743, January 2000.
409 [RFC2744] Wray, J., "Generic Security Service API Version 2 :
410 C-bindings", RFC 2744, January 2000.
412 5.2 Informative References
414 [GGM2] Goldreich, O., Goldwasser, S. and S. Micali, "On the
415 Cryptographic Applications of Random Functions", 1985.
417 [RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
418 Recommendations for Security", RFC 1750, December 1994.
429 EMail: Nicolas.Williams@sun.com
447 Williams Expires December 30, 2004 [Page 8]
449 Internet-Draft A PRF Extension for the GSS-API July 2004
452 Intellectual Property Statement
454 The IETF takes no position regarding the validity or scope of any
455 Intellectual Property Rights or other rights that might be claimed to
456 pertain to the implementation or use of the technology described in
457 this document or the extent to which any license under such rights
458 might or might not be available; nor does it represent that it has
459 made any independent effort to identify any such rights. Information
460 on the procedures with respect to rights in RFC documents can be
461 found in BCP 78 and BCP 79.
463 Copies of IPR disclosures made to the IETF Secretariat and any
464 assurances of licenses to be made available, or the result of an
465 attempt made to obtain a general license or permission for the use of
466 such proprietary rights by implementers or users of this
467 specification can be obtained from the IETF on-line IPR repository at
468 http://www.ietf.org/ipr.
470 The IETF invites any interested party to bring to its attention any
471 copyrights, patents or patent applications, or other proprietary
472 rights that may cover technology that may be required to implement
473 this standard. Please address the information to the IETF at
477 Disclaimer of Validity
479 This document and the information contained herein are provided on an
480 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
481 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
482 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
483 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
484 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
485 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
490 Copyright (C) The Internet Society (2004). This document is subject
491 to the rights, licenses and restrictions contained in BCP 78, and
492 except as set forth therein, the authors retain all their rights.
497 Funding for the RFC Editor function is currently provided by the
503 Williams Expires December 30, 2004 [Page 9]